FLEET CARD FRAUD: The Changing Nature of
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
The Changing Nature of
FLEET CARD FRAUD:
Sources, Trends and Prevention
CHEVRON, the Chevron Hallmark, TEXACO, the Texaco Logo and TECHRON are registered trademarks of Chevron Intellectual Property LLC.
1 © Chevron U.S.A. Inc. All rights reserved.FLEET CARD FRAUD—
RISKS AND SECURITY
$31+B
Technology has led to rapid innovation in payment tools and methods.
However, it has also created more opportunities for criminals to commit fraud. $21.8 B
2015 2020
Payment cards, such as fleet cards, are an especially attractive
target. In 2015, global losses from fraud on credit cards, debit cards,
and prepaid cards topped $21.8 billion.1 According to industry GLOBAL FRAUD LOSSES
projections, fraud losses will exceed $31 billion by 2020.
Realizing that even a single fraudulent transaction can have potentially devastating,
long-term consequences, managers are constantly working to better understand
how, where, and when fraud happens—from both inside and outside of their
organizations. And, although it is difficult to predict what portion of this fraud
will involve fleet card abuse, many fleet professionals are taking action to identify
and rectify instances of fraud as quickly and effectively as they can.
There has been a tremendous amount of research conducted and awareness raised about
consumer credit card fraud, but many of the conclusions don’t necessarily apply to the fleet space.
The purpose of this paper is to develop a better understanding
of bank card vs. fleet card fraud, including:
• Why fleets using bank cards are more vulnerable to fraud
• Where most fleet card fraud originates
• How to measure the total cost of fraud (TCF)
• How managers can identify fraud and minimize reoccurrences
2Sources of Fraud Overview
Instances of business fraud are initiated one
of two ways: either by someone outside the
organization (3rd party), or by an employee.
For most companies, acts of fraud typically originate
from outside the company. A study from the Outside Email Organized
Association of Financial Professionals (AFP) found: entity fraud crime
•
Roughly two-thirds (65%) of companies
reported having experienced fraudulent attacks
65% 50% 15%
attempted by an outside entity during 2015.2 SOURCES OF FRAUD
• Fifty percent reported being the target of fraudulent email solicitations, and
• Fifteen percent reported hacks tied to organized crime.
Companies who offer corporate/commercial payment cards seem to be at an
even greater risk. The AFP research found that more than three quarters (77%)
of commercial card companies were targeted for fraudulent attacks.
Notably, large companies (with revenues of $1B or
Fleets that issue more) were more likely to experience employee-
consumer credit cards committed card fraud than smaller companies.
Intuitively, this makes some sense. Large companies
may unknowingly issue a greater number of cards. More cards in use will
expose themselves generate more transactions, making each transaction
to greater risks. more difficult to track and monitor against fraud.
• Consumer cards
lack basic security
Sources of Fleet Card Fraud
measures and Fleet businesses are susceptible to outside threats,
controls, such as
including identity theft and counterfeiting, as well as fraud
requiring a unique PIN
and/or driver ID number from employee misuse of their corporate-issued fleet cards.
• Little ability to prevent By necessity, fleet managers must extend some amount of
the purchase of specific purchasing power to their drivers. At the very least, drivers
products and services must have access to a convenient way to purchase fuel for
• No analytics tools their company vehicles. Additionally, some companies allow
to track and analyze drivers to pay for routine maintenance, emergency repairs
purchasing data for and other vehicle services using a corporate issued fleet card.
inappropriate purchases
Unfortunately, this flexibility also increases the risk
• No ability to create of fraud. Not only is it difficult to fully vet each driver
real-time alerts for before he or she is granted purchasing authority, the
suspicious activity
number of transactions that occur each month often
makes manual investigation nearly impossible.
3External vs. Internal Fleet Card Fraud
FACT
Fleet card fraud can originate from both external and internal sources.
Some of the more common methods include:
77%
External Fraud of companies
subjected to
• Credit card skimming/cloning an attack were
“Skimmers” are electronic devices that fraudsters attach to credit card using commercial
point-of-sale readers. Easily disguised and difficult to detect, skimmers purchasing cards.
scan the magnetic stripe to gain access to the cardholders credentials.
Information is stored and used to create fake “cloned” card accounts.
• Lost/stolen “swipe and go” credit cards
Most fleet cards require a user to input a unique PIN and/or driver ID to authorize
each purchase, but many consumer credit cards are still “swipe and go,” allowing
anyone to use them.
• “Phishing” scams
Online fraudsters trick fleet card holders via email or text into revealing their card
credentials by posing as a trusted source, such as a vendor partner or company
executive. This is also known as “business email compromise,” or BEC.
• Data breaches
Hackers can break into private databases that contain confidential cardholder information
to create fraudulent credit card accounts, or sell the information to other criminals.
Internal Fraud
• Fleet cards personal use
Employees use their cards to purchase fuel or maintenance services on personal
vehicles, to purchase non-fuel items or allow others to make purchases with the card.
• Misusing company benefits
Drivers use merchant loyalty programs for personal benefit. For example, when
employees gain access to company-earned discount prices to fuel personal vehicles.
• Fuel theft
Fraudsters hide “bladder tanks” inside pick-up trucks or vans that are capable of storing a
substantial amount of fuel. Typically, the tanks are attached to regular gas tanks and filled
during several visits to multiple gas stations. Fraudsters use either their own company-issued
cards or counterfeited cards to pay for the stolen gas, which they later resell for profit.
4Frequency of Fleet Card Fraud
The tell-tale signs
Accurate, up-to-date data about incidence
of fleet card fraud of fraud in the fleet card industry is
difficult to obtain. In the few industry
• The wrong card studies that exist, survey participants
is used for the often self-report perceptions or anecdotal
wrong vehicle experience, which can skew results.
• One card is used to fuel multiple vehicles The aforementioned AFP study reports
• Drivers are caught sharing PIN numbers that 16% of companies that reported an
actual or attempted fraud attack in 2015
• Former drivers keep using cards were using fleet cards.3 This percentage
after termination or retirement holds roughly steady for companies both
• Fuel purchases exceed tank above and below $1 billion in revenues.
capacity (e.g., 100+ gallons)
There are several possible explanations
• Purchases occur well outside for the disparity between commercial and
normal operating geography fleet card fraud. For starters, fleet cards
are not used universally by all businesses,
• Fuel type mismatch: fuel purchased is
so they will inherently experience a
the wrong grade for a given vehicle
fewer number of attacks overall.
• Too many transactions occur in
a given day or week, or outside Fleet Card Fraud Protections
normal business hours
Unlike other corporate/commercial
payment cards, fleet cards incorporate
several protections against fraud, such as:
Driver Prompts: Drivers must input PIN and ID numbers in order to
authorize transactions. Even if a skimmer collects a card’s credentials,
the counterfeit can’t be used without this input as well.
Card Controls: Automatic limits can be set in advance to restrict which
products drivers can purchase, in what quantities, where and when.
Suspicious Activity Alerts: Real-time text or email alerts inform
managers of when unusual purchases have occurred, or when purchases
have occurred outside the usual operational areas/times.
Pump shut-off: Some cards will automatically stop fueling at a pump
once a certain quantity or dollar limit has been reached on the card.
Analytics: Sophisticated tracking software allows fleet managers to catch
inappropriate purchases that would have otherwise slipped through the cracks.
5Employee and Manager Perceptions Differ
A third reason for the disparity between commercial
and fleet card fraud may be that fraud among
fleet card users is underreported. Perceptions
among both fleet managers and drivers, for
example, suggest that fleet card fraud may be
more common than the numbers suggest.
Recent studies have found that a third of U.S.
fleet drivers believe it’s acceptable to occasionally
use their company vehicle to run a personal
errand, while most managers would disagree.
Common Sources of Fleet Card Fraud
When asked to name what they thought were the most common sources of fraud, fleet
managers tended to identify deliberate actions drivers took for their personal gain. A plurality
of managers (39%) agreed that drivers siphoning fuel occurred very or somewhat frequently,
followed by drivers paying for fuel with cash to hide inappropriate purchases (35%).
Drivers, meanwhile, tended to assert fraud was just as much a crime of convenience and/or
negligence as an act of intentional misconduct. Drivers said they thought the most common
sources of fraud included drivers exploiting loyalty programs for personal use (44%) and
negligent driver behavior (32%), in addition to intentional misuse of genuine cards (39%).
CASE STUDY: Fraud in Government Fleets
Some of the only hard numbers about fleet
card fraud come from the federal government, which publishes
figures about government vehicles.
From 2010 to 2014, the latest years for which data was available,
the U.S. General Services Administration reports that government
employees committed $2.4 million of fuel fraud using government-
issued payment cards. In total, there were 260 cases.4
While on their face these numbers seem dramatic, it’s worth remembering that
government vehicle fleets include over 650,000 vehicles that consume more
than $400 million in fuel per year. More than 590,000 fleet cards are in circulation,
meaning the rate of fuel fraud over all cards is less than a tenth of a percentage
point. Fraud losses accounted for just 0.06% of total fuel spend per year.
6Steps Fleets Can Take To Reduce the Risk of Fraud
The Cost of
Fleets can implement several policies to deter fraud before
Successful it occurs. In the case of both external and internal fraud, the
Fraud Attacks best alternative is often the adoption of a fleet card.
In 2013, the most recent Fleet cards offer powerful security measures, such as driver prompts
year for which information and card controls, which can help managers rein in unauthorized
was available, the expenditures. Fleet managers should consider the following actions:
payment card industry
estimated fuel-related • assword-protect all company electronics,
P
fraud cost the industry including laptops, smartphones, and tablets.
$500 million.5
(This figure is not specific to fleet • I mplement an “early warning system” for fuel purchases via
cards, but also includes losses real-time alerts.
from credit cards, debit cards, etc.)
• Monitor reports for “smoking guns”, including purchases that are
too frequent, too expensive, or fall outside operational geography.
• Regularly audit card use to ensure drivers comply with policy.
• Deactivate old cards with driver/vehicle IDs no longer in use.
• Keep spare cards deactivated and physically locked in a
secure location.
Security training is a valuable tool for teaching drivers and other employees how to
recognize and avoid fraud attempts, empowering them to become part of the solution.
Managers should consider security training on:
FACT:
• How to recognize signs of pump tampering
• Fueling best practices, such as filling up only at stations with
surveillance video or at pumps closest to the station
Only 27%
of managers
• How to recognize “phishing” scams reported running
security training
• The importance of not sharing cards, passwords for drivers.
and driver prompt information
7Conclusions
NOTE:
Fleet cards remain particularly susceptible to fraud committed by both
external and internal actors. From the available data, we can draw several Fleet card fraud is
conclusions about the motives and incidence rates of fleet card fraud: difficult to quantify,
but it appears to
• Fleet card fraud is difficult to quantify, but it appears to be
be lower for fleet
lower for fleet cards than for other payment cards.
cards than for other
• Most companies are vulnerable to fraud attacks from external payment cards.
sources, but fleets are also exposed to employee-committed fraud.
• Fleets that rely on consumer credit cards for fuel purchases
expose themselves to unnecessary risk of fraud, since fleet cards
provide additional security measures that reduce risk.
• Sources of external fraud include skimming, theft, phishing scams, and data breaches.
• Internal sources of fraud include drivers misusing company
benefits, fleet cards, and stealing fuel.
• Business’ can take several proactive measures to protect against fraud,
including the use of fleet cards and better employee security training.
1. https://www.nilsonreport.com/index.php, March 15, 2017.
2, 3. " 2016 AFP Payments Fraud and Control Survey." March 2016. Association for Financial Professionals,
Underwritten by JPM. https://www.pnc.com/content/dam/pnc-com/pdf/corporateandinstitutional/
Treasury%20Management/2016_AFP_Payments_Fraud_Report.pdf. This survey included 627
responses from corporations in various sizes and industries. It was conducted January 2016.
4. Nikolewski, Rob. "Fuel Fraud: Government Employees steal millions from taxpayers at the pump." Watchdog.
org. September 23, 2015. http://watchdog.org/239117/fuel-fraud-taxpayers, March 15, 2017.
5. Sidel, Robin. "Credit-Card Fraudsters Pump Gas Stations for Profit." Wall Street Journal. September 3, 2015. http://
www.wsj.com/articles/credit-card-fraudsters-pump-gas-stations-for-profit-1441253132, March 15, 2017.
Sponsored by:
WEX Inc.
wexinc.com CHE 11458
8You can also read
